Re: [libvirt] [PATCH v4 01/13] Adapt to VIR_STRDUP and VIR_STRNDUP in src/conf/*

Thu, 23 May 2013 06:46:38 -0700 

On 23.05.2013 15:04, John Ferlan wrote:
> On 05/20/2013 01:55 PM, Michal Privoznik wrote:
>> ---
> [...snip...]
> 
>> diff --git a/src/conf/nwfilter_params.c b/src/conf/nwfilter_params.c
>> index 2509c0d..ac5f7ed 100644
>> --- a/src/conf/nwfilter_params.c
>> +++ b/src/conf/nwfilter_params.c
>> @@ -79,19 +79,15 @@ virNWFilterVarValueCopy(const virNWFilterVarValuePtr val)
>>  
>>      switch (res->valType) {
>>      case NWFILTER_VALUE_TYPE_SIMPLE:
>> -        if (val->u.simple.value) {
>> -            res->u.simple.value = strdup(val->u.simple.value);
>> -            if (!res->u.simple.value)
>> -                goto err_exit;
>> -        }
>> +        if (VIR_STRDUP(res->u.simple.value, val->u.simple.value) < 0)
>> +            goto err_exit;
>>          break;
>>      case NWFILTER_VALUE_TYPE_ARRAY:
>>          if (VIR_ALLOC_N(res->u.array.values, val->u.array.nValues) < 0)
>>              goto err_exit;
>>          res->u.array.nValues = val->u.array.nValues;
>>          for (i = 0; i < val->u.array.nValues; i++) {
>> -            str = strdup(val->u.array.values[i]);
>> -            if (!str)
>> +            if (VIR_STRDUP(str, val->u.array.values[i]) < 0)
>>                  goto err_exit;
>>              res->u.array.values[i] = str;
>>          }
>> @@ -133,12 +129,10 @@ virNWFilterVarValueCreateSimple(char *value)
>>  virNWFilterVarValuePtr
>>  virNWFilterVarValueCreateSimpleCopyValue(const char *value)
>>  {
>> -    char *val = strdup(value);
>> +    char *val;
>>  
>> -    if (!val) {
>> -        virReportOOMError();
>> +    if (VIR_STRDUP(val, value) < 0)
>>          return NULL;
>> -    }
>>      return virNWFilterVarValueCreateSimple(val);
>>  }
>>  
>> @@ -654,17 +648,15 @@ virNWFilterHashTablePut(virNWFilterHashTablePtr table,
>>  {
>>      if (!virHashLookup(table->hashTable, name)) {
>>          if (copyName) {
>> -            name = strdup(name);
>> -            if (!name) {
>> -                virReportOOMError();
>> +            char *newName;
>> +            if (VIR_STRDUP(newName, name) < 0)
>>                  return -1;
>> -            }
>>  
>>              if (VIR_REALLOC_N(table->names, table->nNames + 1) < 0) {
>>                  VIR_FREE(name);
>>                  return -1;
>>              }
>> -            table->names[table->nNames++] = (char *)name;
>> +            table->names[table->nNames++] = newName;
>>          }
> 
> Coverity complains (see below too)
> 
> 648   {
> 
> (1) Event cond_true:  Condition "!virHashLookup(table->hashTable, name)", 
> taking true branch
> 
> 649       if (!virHashLookup(table->hashTable, name)) {
> 
> (2) Event cond_true:  Condition "copyName", taking true branch
> 
> 650           if (copyName) {
> 651               char *newName;
> 
> (3) Event cond_false:         Condition "virStrdup(&newName, name, true /* 1 
> */, VIR_FROM_NWFILTER, "conf/nwfilter_params.c", <anonymous>, 652) < 0", 
> taking false branch
> 
> 652               if (VIR_STRDUP(newName, name) < 0)
> 653                   return -1;
> 654   
> 
> (5) Event cond_false:         Condition "virReallocN(&table->names, 8UL /* 
> sizeof (*table->names) */, table->nNames + 1) < 0", taking false branch
> 
> 655               if (VIR_REALLOC_N(table->names, table->nNames + 1) < 0) {
> 656                   VIR_FREE(name);
> 657                   return -1;
> 
> (6) Event if_end:     End of if statement
> 
> 658               }
> 659               table->names[table->nNames++] = newName;
> 660           }
> 661   
> 
> (7) Event cond_true:  Condition "virHashAddEntry(table->hashTable, name, val) 
> < 0", taking true branch
> 
> 662           if (virHashAddEntry(table->hashTable, name, val) < 0) {
> 
> (8) Event cond_true:  Condition "copyName", taking true branch
> 
> 663               if (copyName) {
> 
> (9) Event freed_arg:  "virFree(void *)" frees parameter "name". [details]
> 
> 664                   VIR_FREE(name);
> 665                   table->nNames--;
> 666               }
> 667               return -1;
> 668           }
> 
> 
> In particular, the "VIR_FREE(name)" causes a problem in one of the callers,
> see below.  So I think the fix is to dump "newNames" up one level, then 
> change:
> 
> 664                   VIR_FREE(name);
> 665                   table->nNames--;
> 
> to 
> 
> 664                   VIR_FREE(newName);
> 665                   table->nNames--;
> 
> 
> John

Right, it took me a while to parse the coverity output, and here's the
part of the original code that confused me:

     if (!virHashLookup(table->hashTable, name)) {
         if (copyName) {
             name = strdup(name);



> 
> 
>>  
>>          if (virHashAddEntry(table->hashTable, name, val) < 0) {
>> @@ -1006,11 +998,8 @@ virNWFilterVarAccessParse(const char *varAccess)
>>  
>>      if (input[idx] == '\0') {
>>          /* in the form 'IP', which is equivalent to IP[@0] */
>> -        dest->varName = strndup(input, idx);
>> -        if (!dest->varName) {
>> -            virReportOOMError();
>> +        if (VIR_STRNDUP(dest->varName, input, idx) < 0)
>>              goto err_exit;
>> -        }
>>          dest->accessType = VIR_NWFILTER_VAR_ACCESS_ITERATOR;
>>          dest->u.iterId = 0;
>>          return dest;
>> @@ -1023,11 +1012,8 @@ virNWFilterVarAccessParse(const char *varAccess)
>>  
>>          varNameLen = idx;
>>  
>> -        dest->varName = strndup(input, varNameLen);
>> -        if (!dest->varName) {
>> -            virReportOOMError();
>> +        if (VIR_STRNDUP(dest->varName, input, varNameLen) < 0)
>>              goto err_exit;
>> -        }
>>  
>>          input += idx + 1;
>>          virSkipSpaces(&input);
> 
> 
> Coverity complains:
> 
> 
> 
> 
> 746   static void
> 747   addToTable(void *payload, const void *name, void *data)
> 748   {
> 749       struct addToTableStruct *atts = (struct addToTableStruct *)data;
> 750       virNWFilterVarValuePtr val;
> 751   
> 
> (1) Event cond_false:         Condition "atts->errOccurred", taking false 
> branch
> 
> 752       if (atts->errOccurred)
> 753           return;
> 754   
> 755       val = virNWFilterVarValueCopy((virNWFilterVarValuePtr)payload);
> 
> (2) Event cond_false:         Condition "!val", taking false branch
> 
> 756       if (!val) {
> 757           virReportOOMError();
> 758           atts->errOccurred = 1;
> 759           return;
> 
> (3) Event if_end:     End of if statement
> 
> 760       }
> 761   
> 
> (4) Event freed_arg:  "virNWFilterHashTablePut(virNWFilterHashTablePtr, char 
> const *, virNWFilterVarValuePtr, int)" frees "name". [details]
> (5) Event cond_true:  Condition "virNWFilterHashTablePut(atts->target, (char 
> const *)name, val, 1) < 0", taking true branch
> Also see events:      [pass_freed_arg]
> 
> 762       if (virNWFilterHashTablePut(atts->target, (const char *)name, val, 
> 1) < 0){
> 
> (6) Event pass_freed_arg:     Passing freed pointer "name" as an argument to 
> function "virReportErrorHelper(int, int, char const *, char const *, size_t, 
> char const *, ...)".
> Also see events:      [freed_arg]
> 
> 763           virReportError(VIR_ERR_INTERNAL_ERROR,
> 764                          _("Could not put variable '%s' into hashmap"),
> 765                          (const char *)name);
> 766           atts->errOccurred = 1;
> 767           virNWFilterVarValueFree(val);
> 768       }
> 769   }
> 
> 
> The complaint being 'name' could be VIR_FREE()'d and we would be using it in 
> a virReportError()

Yup, that due to the bug in virNWFilterHashTablePut().

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to